Using Cloudflare DNS as VPN

patent10021

macrumors 68030
Original poster
Apr 23, 2004
2,981
422
I want to use Cloudflare as a VPN. I entered 1.1.1.1 and 1.0.0.1 in Airport Utility -> Internet -> DNS Servers. All surfing works.

My real IP still shows though. When I use a VPN app like ExpressVPN my IP is hidden. From what I understand, when using Cloudflare DNS my real IP will still show but the traffic will be encrypted? So does that mean my footsteps are indeed hidden?

So if I wanted to torrent, for example, Cloudflare would be just as safe as ExpressVPN or another VPN service? Would my ISP still know I am torrenting, or more precisely, would they know what I am torrenting?

Also, when I go into Network Preferences -> DNS Servers it still says 10.0.1.1 (Airport Express?) and then it says usen.ad.jp under Search Domains. usen.ad.jp also appears in Airport Utility -> Internet -> Domain Name even though I added 1.1.1.1 and 1.0.0.1 to the DNS Servers.

Thanks
 

chrfr

macrumors G3
Jul 11, 2009
8,597
2,787
Cloudflare DNS is not a VPN. I'm not sure why you'd get that impression, but it doesn't encrypt or redirect your traffic whatsoever.
 

patent10021

That's right, it is not a VPN service, but unlike Google or OpenDNS, Cloudflare's DNS can be used like a VPN in that it encrypts activity when using their DNS.

Maybe all the news blogs got it wrong?
 

chrfr

Their DNS is encrypted, but just setting your computer to use the Cloudflare DNS will not encrypt other traffic. They have a service called Warp (currently not available to Macs) which encrypts traffic to Cloudflare but does not provide any masking of your IP address. While you're using Warp, you're technically on a VPN to Cloudflare but this does not disguise who you are to any external sites.
 

patent10021

Cloudflare WARP is indeed a VPN in the purest sense since VPNs are not defined by IP obfuscation. VPN was designed to allow a direct and secure connection to a remote network and IP masking is just a byproduct. But yeah, unfortunately Cloudflare's VPN product won't hide my IP. Well, at least it's encrypting my traffic. Still better off with ExpressVPN as a complete solution. Only downside is you can't port forward with ExpressVPN so I'll be looking for another service.
 

chrfr

But again, it’s important to understand Warp is a different product than just setting your computer to use 1.1.1.1 as your DNS.
 

gilby101

macrumors regular
Mar 17, 2010
231
91
Tasmania
> Their DNS is encrypted, but just setting your computer to use the Cloudflare DNS will not encrypt other traffic.
Setting your DNS to 1.1.1.1 does not encrypt the DNS traffic. You need to use DNS over HTTP (DoH) or similar - which Cloudflare do provide, but macOS does not use without additional software. I use dnscrypt (which acts as a local DNS resolver) on my Mac to connect over DoH.
 

Mikael H

macrumors 6502a
Sep 3, 2014
693
336
An encrypted VPN creates a tunnel for your traffic, making it look like more or less meaningless noise between your computer and the VPN endpoint, and making the VPN endpoint look like the originating gateway for your computer's Internet traffic.

The protection a VPN gives you if you want to do illegal stuff is that the VPN endpoint looks like the originating gateway for all users of that particular endpoint. Unless you do things that can identify you personally while connected to the VPN, it's hard to identify which user of the VPN endpoint did what. Of course such a service demands that you trust your VPN provider utterly - they potentially hold all the data needed to incriminate you.

Encrypting your DNS traffic only tunnels your DNS queries: Your ISP can still see which IP addresses you asked to contact using which protocols, and all traffic to these servers originates with your own gateway. This provides considerably less security than a (trustworthy) VPN service.
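
Added example (not written by any poster in this thread): a small offline Python model of the points made in the last two replies, showing that a lookup sent to 1.1.1.1 over plain UDP port 53 carries the hostname in readable form, that the same query sent as DNS over HTTPS (RFC 8484 GET form) hides it, and that the address you connect to afterwards is visible either way. The hostname, the resolved address 192.0.2.10 and the function names are constructed for illustration; nothing is sent on the network.

```python
import base64
import struct

def build_query(hostname, qtype=1, txid=0):
    """Build a DNS query in wire format (RFC 1035); qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN

def observer_reads_name(udp_payload):
    """What anyone on the path can recover from a plain UDP/53 payload."""
    pos, labels = 12, []  # the question section starts after the 12-byte header
    while udp_payload[pos] != 0:
        length = udp_payload[pos]
        labels.append(udp_payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(query, endpoint="https://cloudflare-dns.com/dns-query"):
    """RFC 8484 GET form: the same wire message, base64url without padding."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def visible_on_path(hostname, resolver_ip, transport, resolved_ip):
    """Simplified model of what the access network sees for one lookup."""
    query = build_query(hostname)
    if transport == "udp53":
        seen = {"dst": (resolver_ip, 53), "hostname": observer_reads_name(query)}
    else:
        # DoH: the query rides inside TLS, so only the resolver address and port show.
        seen = {"dst": (resolver_ip, 443), "hostname": None}
    # Encrypted DNS or not, the connection made after the lookup exposes its target.
    seen["next_connection_dst"] = resolved_ip
    return seen

if __name__ == "__main__":
    name, addr = "tracker.example.org", "192.0.2.10"  # constructed sample values
    print(visible_on_path(name, "1.1.1.1", "udp53", addr))
    print(visible_on_path(name, "1.1.1.1", "doh", addr))
    print(doh_get_url(build_query(name)))
```
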